Three days ago, US Homeland Security recommended applying a Microsoft patch: http://news.com.com/Homeland+Security+Fix+your+Windows/2100-7348_3-6103805.html?tag=nl

Now, CNET News’ Charles Cooper is taking this opportunity to look back at Microsoft security and to call for going beyond the current approach: http://news.com.com/Microsoft+security-no+more+second+chances/2010-1002_3-6104512.html?tag=html.alert

Microsoft’s current approach really includes:

  1. fewer bugs to begin with (from the production process changes and security focus dating back to Bill Gates’ "Trustworthy Computing Initiative" – it’s almost 5 years now).
  2. a standard, regular bug fixing process – see "Patch Tuesday".
  3. expecting Microsoft product users/customers to follow, carefully and promptly, quite complex configuration management procedures to apply those patches.

Is this enough? Software and security architects can argue till the end of time that this is as good as a worldwide global platform can reasonably get, or, just as well, that this is an unbearable or shameful situation – just as Charles Cooper does.

What else can be done? Perhaps let’s start from what has probably happened so far:

  1. priorities in Microsoft software development must have shifted: for some years now, security is likely as high in priority as it can possibly be considering other pressures for features, time, etc.
  2. key products such as the new DBMS (including a newly architected application-to-application communication) have been delayed by years and years. This is now happening for the core client operating system, too.

What appears not to have happened is that some key products have been rearchitected and rewritten from the core with this new security priority, rather than patched and strengthened.

Can this drastically change the reliability of Microsoft software? I will be looking for experts’ opinions.

At a minimum, Microsoft could provide a clear statement about when and how core pieces of software can be completely rearchitected for security. Or have been, maybe. That would be at least as meaningful as the current vulnerabilities beauty contest.

Where can this realistically and economically happen? Possibly in some cornerstones such as the client operating system’s basic services.

How can this happen? What would happen if a new version of core Windows services were designed and developed embracing the development model, and possibly some components and design principles, of open source?